Security Magazine

Cybersecurity fundamentals for logistics partners

By Gene Price, Brion St. Amour

May 15, 2023

Anyone engaged in the logistics industry knows supply chain cybersecurity has been in the news lately, particularly in the “not-good” category. The interdependencies of the global supply chain make it uniquely complex when it comes to managing cybersecurity risks, including a company’s partners within the supply chain, the aggregated data they use to perform their services and the underlying transport itself. Each one of these aspects introduces an “attack vector” for cyber attackers, be they cyber criminals or state-sponsored actors. 

Consequently, the total number of attack vectors should be multiplied by the number of members or links in a supply chain, plus the cumulative data they share. Given the constant flow of high-value data across networks, it’s no small wonder that freight and logistics firm Accenture reported that one in four companies suffered reputational damage resulting from third-party cyber events. 

Beyond imputed reputational harm, there are multiple examples of destructive attacks. Washington State logistics company Expeditors was apparently hacked last year, forcing it to shut down much of its IT network. Airports and seaports have been targeted by distributed denial of service, or DDoS, attacks. Hellmann Worldwide Logistics sustained a cyberattack in December 2021 that disrupted operations for weeks. Trucking company Marten Transport was hacked last October. The Port of Lisbon was attacked in December, with criminals claiming to have stolen financials, audits, budgets, contracts and ships’ logs.

In addition, the National Security Agency’s director of cybersecurity told reporters at the RSA Conference in April that Russia has attempted to inject ransomware into Ukrainian logistics chains and those of countries supporting Ukraine. Microsoft had already acknowledged that ransomware attacks against transportation and logistics companies in Ukraine and Poland were linked to Russia. It’s not just criminals the industry is contending with; it’s nation-states and their proxies.

Combine these threats with the simple fact that logistics companies are largely tracking shipments and customer data with Internet of Things (IoT) devices in the cloud, leaving more digital targets in their wake. Anyone from shippers, maintainers and remote vendors to shared applications can have access to cloud data, which Verizon’s 2022 cybersecurity report noted as sometimes having misconfigurations, unauthorized accesses and insecure interfaces. 

Add in the recent development that a key aim of many phishing attacks has been to steal users’ credentials, providing attackers access to internal networks by pretending to be a recognized user. This refined tactic can allow delivery of ransomware from within a network, encrypting and exfiltrating data before defenders can respond.

The complexities these threats pose are daunting, yet indicate a need for added focus on those vitally important fundamentals necessary to defend an enterprise network. Good cyber hygiene can be maintained through “people” issues like training a workforce, prioritizing data and its defenses and communicating risks to leadership, combined with simple basics like patching and keeping certificates updated.

With increasing reliance on technology and third-party vendors in the logistics industry, mitigating cybersecurity risks has become a critical component of an organization’s risk management strategy. That strategy should begin with a presumption that a breach will occur, forcing a focus on resiliency. The emphasis then becomes reducing an attacker’s ability to exploit data and recovering quickly. 

A key ingredient for success is determining how to mitigate a vendor’s breach risk, which begins by ensuring its defenses are current and comply with applicable laws. For example, ensuring the vendor is actively defending its network is essential. This can be done internally with its own dedicated defenders or by using a managed security service provider. It should also have a current privacy policy and have customer and employee consents for data collection, both critical to mitigating damages under the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA). 

Contracting between vendors and shippers is another crucial step for balancing financial risks and compliance. Shippers should use clearly written contracts defining the scope of services provided, including:

  • Well-written security protocols providing clear and comprehensive guidelines to follow concerning protection of sensitive information. This should include details on how data is stored, who has access to it, procedures to safeguard it, and Incident Response Plans in case of a breach. It should also include conclusions from an annual “tabletop exercise” (TTX) held to stress and test those protocols and plans.
  • Compliance with applicable federal, state and international data protection regulations. These regulations set out specific requirements for data protection and are essential for minimizing legal costs and penalties.
  • Appropriate cybersecurity insurance coverage specifically covering cyber risks and providing adequate protection against cyber threats. 
  • Avoidance of caps on vendor liability below cyber insurance policy limits. Agreeing to limitations on liability below the liability policy of a vendor (and therefore insurer) could significantly limit the amount of insurance coverage.  
  • Clauses in vendor contracts requiring them to provide notification promptly and privately in the event of a cybersecurity incident. Notifications should detail the nature and scope of an incident, progress toward full mitigation and its potential impacts.

Finally, parties should agree to regular audits of data partners to help minimize cybersecurity risks. Audits may identify potential vulnerabilities and ensure partners are complying with their contractual obligations. These audits should be conducted at least annually and include reviews of policies and procedures, employee training programs and recent security incidents. The scope and frequency of the audit should increase depending on the sensitivity of the data being shared.  

A multi-faceted, comprehensive approach to mitigating vendor cybersecurity risks will improve resiliency for logistics companies, their employees and customers. Written security protocols tested through a tabletop exercise (TTX), compliance with data protection regulations, current privacy policies and data consents, appropriate cybersecurity insurance coverage that avoids low liability caps, and clear notification procedures are each important contract considerations businesses should apply up and down the logistics supply chain. As the industry further absorbs cybersecurity into its risk management processes, there will be more turbulence. But taking fundamental steps can reduce those bumps.

Gene F. Price is a Partner at Frost Brown Todd.

Brion St. Amour is a Partner at Frost Brown Todd.

Copyright ©2025. All Rights Reserved BNP Media.
